Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2020/04/07 3:47 p.m.6 views

@3volutions/welle7.lib (=1.0.1), @acathur/koa-decorator-ts (>=2.7.0 <=2.7.4) +1163 more potentially affected by CVE-2020-7637 via class-transformer (>=0.1.10 <=0.2.3)

class-transformer NPM version =0.1.10, =2.7.0, =1.0.0, =0.1.0, =0.0.4, =0.0.1, =1.0.1, =0.0.1, =1.3.0-next.2, =1.2.0, =1.0.1, =0.0.1, =0.0.1, =0.0.9, =0.0.18 and more Source cves: CVE-2020-7637 Source advisory: OSV:GHSA-6GP3-H3JJ-PRX4...

5.3CVSS5.9AI score0.01159EPSS
Exploits1
Cvelist
Cvelist
added 2020/04/06 12:34 p.m.34 views

CVE-2020-7637

class-transformer before 0.3.1 allow attackers to perform Prototype Pollution. The classToPlainFromExist function could be tricked into adding or modifying properties of Object.prototype using a proto payload...

5.2AI score0.01159EPSS
Exploits1References2
CVE
CVE
added 2020/04/06 12:34 p.m.67 views

CVE-2020-7637

CVE-2020-7637 affects class-transformer versions prior to 0.3.1. The vulnerability stems from classToPlainFromExist allowing a proto payload to pollute Object.prototype, enabling attacker-controlled modification of object properties. Impact is described as prototype pollution; upstream fixes requ...

5.3CVSS5.2AI score0.01159EPSS
Exploits1References2Affected Software1
vulnersOsv
vulnersOsv
added 2020/04/05 12:0 a.m.8 views

@3volutions/welle7.lib (=1.0.1), @acathur/koa-decorator-ts (>=2.7.0 <=2.7.4) +1163 more potentially affected by CVE-2020-7637 via class-transformer (>=0.1.10 <=0.2.3)

class-transformer NPM version =0.1.10, =2.7.0, =1.0.0, =0.1.0, =0.0.4, =0.0.1, =1.0.1, =0.0.1, =1.3.0-next.2, =1.2.0, =1.0.1, =0.0.1, =0.0.1, =0.0.9, =0.0.18 and more Source cves: CVE-2020-7637 Source advisory: SNYK:JS-CLASSTRANSFORMER-564431...

5.3CVSS5.9AI score0.01159EPSS
Exploits1
Rows per page
Query Builder